Item Search

NameAudit NamePluginCategory
1.1.3.6.2 Set 'Interactive logon: Smart card removal behavior' to 'Lock Workstation'CIS Windows 8 L1 v1.0.0Windows

ACCESS CONTROL

1.1.3.6.6 Set 'Interactive logon: Require Domain Controller authentication to unlock workstation' to 'Disabled'CIS Windows 8 L1 v1.0.0Windows

ACCESS CONTROL

2.2.20 Ensure 'Deny log on through Remote Desktop Services' to include 'Guests, Local account'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

ACCESS CONTROL

18.9.5.1 (L1) Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.1 (L1) Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.1 (L1) Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.4 (L1) Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.4 (L1) Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.5 (L1) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.5 (L1) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock'CIS Microsoft Windows 11 Enterprise v3.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.5 (L1) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.5 (L1) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.6 (L1) Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.6 (L1) Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.6 (L1) Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.6 (L1) Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.43.1 (L1) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

AUDIT AND ACCOUNTABILITY

18.10.43.1 (L1) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

18.10.43.1 (L1) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

AUDIT AND ACCOUNTABILITY

18.10.43.1 (L1) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

18.10.43.2 (L1) Ensure 'Allow camera and microphone access in Microsoft Defender Application Guard' is set to 'Disabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

CONFIGURATION MANAGEMENT

18.10.43.2 (L1) Ensure 'Allow camera and microphone access in Microsoft Defender Application Guard' is set to 'Disabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

CONFIGURATION MANAGEMENT

18.10.43.4 (L1) Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

CONFIGURATION MANAGEMENT

18.10.43.4 (L1) Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

CONFIGURATION MANAGEMENT

18.10.43.4 (L1) Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

CONFIGURATION MANAGEMENT

18.10.43.5 (L1) Ensure 'Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting' is set to 'Enabled: Enable clipboard operation from an isolated session to the host'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

CONFIGURATION MANAGEMENT

18.10.43.5 (L1) Ensure 'Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting' is set to 'Enabled: Enable clipboard operation from an isolated session to the host'CIS Microsoft Windows 11 Enterprise v3.0.0 L1Windows

CONFIGURATION MANAGEMENT

18.10.43.5 (L1) Ensure 'Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting' is set to 'Enabled: Enable clipboard operation from an isolated session to the host'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

CONFIGURATION MANAGEMENT

18.10.43.5 (L1) Ensure 'Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting' is set to 'Enabled: Enable clipboard operation from an isolated session to the host'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

CONFIGURATION MANAGEMENT

18.10.43.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.43.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1'CIS Microsoft Windows 11 Enterprise v3.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

75.2 (L1) Ensure 'Require UEFI Memory Attributes Table' is set to 'Require UEFI Memory Attributes Table'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

SYSTEM AND INFORMATION INTEGRITY

Audit server does not support encryptionMSCT Windows 11 v24H2 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit server does not support signingMSCT Windows 11 v24H2 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

CIS_MS_Windows_7_v3.2.0_Bitlocker.audit from CIS Microsoft Windows 7 Workstation Benchmark v3.2.0CIS Windows 7 Workstation Bitlocker v3.2.0Windows
CIS_MS_Windows_7_v3.2.0_Level_1_Bitlocker.audit from CIS Microsoft Windows 7 Workstation Benchmark v3.2.0CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows
Enable insecure guest logonsMSCT Windows 11 v23H2 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Enable insecure guest logonsMSCT Windows Server 1903 MS v1.19.9Windows

IDENTIFICATION AND AUTHENTICATION

Enable insecure guest logonsMSCT Windows Server 2019 MS v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Enable insecure guest logonsMSCT Windows 10 1909 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Enable insecure guest logonsMSCT Windows 11 v24H2 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Mandate the maximum version of SMB - LanmanWorkstationMSCT Windows 11 v24H2 v1.0.0Windows
Mandate the minimum version of SMB - LanmanWorkstationMSCT Windows 11 v24H2 v1.0.0Windows
Red Hat Enterprise Linux 6 Workstation is installedCIS Red Hat 6 Workstation L1 v3.0.0Unix
Red Hat Enterprise Linux 6 Workstation is installedCIS Red Hat 6 Workstation L2 v3.0.0Unix
WN10-CC-000040 - Insecure logons to an SMB server must be disabled.DISA Windows 10 STIG v3r2Windows

CONFIGURATION MANAGEMENT

WN11-CC-000040 - Insecure logons to an SMB server must be disabled.DISA Windows 11 STIG v2r2Windows

CONFIGURATION MANAGEMENT

WN16-CC-000080 - Insecure logons to an SMB server must be disabled.DISA Windows Server 2016 STIG v2r9Windows

CONFIGURATION MANAGEMENT

WN19-CC-000070 - Windows Server 2019 insecure logons to an SMB server must be disabled.DISA Windows Server 2019 STIG v3r2Windows

CONFIGURATION MANAGEMENT

WN22-CC-000070 - Windows Server 2022 insecure logons to an SMB server must be disabled.DISA Windows Server 2022 STIG v2r2Windows

CONFIGURATION MANAGEMENT